added version, severity and requiredDataConnectors
Родитель
988316a2fb
Коммит
34af7566cc
|
@ -7,6 +7,8 @@ description: |
|
|||
Reference: https://github.com/Azure/SimuLand/blob/main/3_simulate_detect/credential-access/exportADFSTokenSigningCertificate.md
|
||||
Reference: https://o365blog.com/post/adfs/
|
||||
'
|
||||
severity: Medium
|
||||
requiredDataConnectors: []
|
||||
tactics:
|
||||
- Collection
|
||||
relevantTechniques:
|
||||
|
@ -22,3 +24,13 @@ query: |
|
|||
| extend session_server_principal_name = extract("session_server_principal_name:([\\S]+)", 1, RenderedDescription)
|
||||
| extend server_principal_name = extract("session_server_principal_name:([\\S]+)", 1, RenderedDescription)
|
||||
| extend HostCustomEntity = Computer, AccountCustomEntity = split(server_principal_name, '\\')[1]
|
||||
entityMappings:
|
||||
- entityType: Account
|
||||
fieldMappings:
|
||||
- identifier: FullName
|
||||
columnName: AccountCustomEntity
|
||||
- entityType: Host
|
||||
fieldMappings:
|
||||
- identifier: FullName
|
||||
columnName: HostCustomEntity
|
||||
version: 1.0.0
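Review bot: The Account entity added under `entityMappings` maps `AccountCustomEntity` to the `FullName` identifier, but that column is built as `split(server_principal_name, '\\')[1]`, which is only the part after the backslash and is null when the principal carries no domain prefix. An alert from this rule would then show a partial or empty account, which makes it harder to tie the AD FS database access to the right identity during triage. I would map it as `- identifier: Name` (and project the `[0]` element into a second column mapped to `NTDomain`), or keep `FullName` and pass the unsplit value. Separately, the `server_principal_name` line uses the same `session_server_principal_name:` pattern as the line above it, so both columns hold the same value; worth confirming that is intended. The query's opening lines are outside this hunk, so whether `requiredDataConnectors: []` should instead name the connector feeding its source table cannot be judged from here.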
|